CVE-2026-3802 is a stack-based buffer overflow vulnerability identified in the Tenda i3 router firmware version 1.0.0.6(2204). The flaw resides in the formexeCommand function, which processes requests to the /goform/exeCommand endpoint. Specifically, the vulnerability arises from insufficient bounds checking on the cmdinput parameter, allowing an attacker to supply a crafted input that overflows the stack buffer. This overflow can corrupt the stack, potentially overwriting the return address or other control data, enabling remote code execution or denial of service. The vulnerability is remotely exploitable without requiring authentication or user interaction, making it highly dangerous. The CVSS v4.0 score of 8.7 reflects its high impact on confidentiality, integrity, and availability, combined with low attack complexity and no privileges needed. Although no public exploits are currently observed in the wild, the public disclosure increases the likelihood of exploitation attempts. The affected product, Tenda i3, is a router commonly used in home and small office networks, making this vulnerability a significant risk for those environments. No official patches or mitigation instructions are currently provided, necessitating immediate attention from users and administrators.

The impact of CVE-2026-3802 is substantial due to the potential for remote code execution on affected Tenda i3 routers. Successful exploitation can lead to full compromise of the device, allowing attackers to intercept, modify, or disrupt network traffic, install persistent malware, or pivot into internal networks. This threatens the confidentiality of sensitive data, the integrity of communications, and the availability of network services. For organizations, this could result in data breaches, network outages, and unauthorized access to internal resources. The vulnerability's remote and unauthenticated nature increases the attack surface, especially for devices exposed to the internet or untrusted networks. Small businesses and home users relying on Tenda i3 routers are particularly vulnerable, as these devices often lack advanced security monitoring. The absence of known exploits in the wild currently limits immediate widespread impact, but the public disclosure and high CVSS score indicate a critical risk if exploited.

1. Immediate mitigation should focus on isolating affected Tenda i3 devices from untrusted networks, especially the internet, to reduce exposure. 2. Monitor network traffic for unusual activity targeting the /goform/exeCommand endpoint or suspicious command injection attempts. 3. Implement network segmentation to limit the impact of a compromised router on internal systems. 4. If possible, disable or restrict access to the /goform/exeCommand interface via firewall rules or router configuration to prevent exploitation. 5. Regularly check for firmware updates or security advisories from Tenda and apply patches promptly once available. 6. Consider replacing vulnerable devices with models from vendors with a stronger security track record if patches are not forthcoming. 7. Employ intrusion detection/prevention systems (IDS/IPS) that can detect buffer overflow attempts or anomalous HTTP requests targeting router management interfaces. 8. Educate users and administrators about the risks of exposing router management interfaces to the internet and enforce strong network perimeter controls.